Details of VAR-201912-0119

ID

VAR-201912-0119

CVE

CVE-2019-8805

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-011304

DESCRIPTION

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. System Extensions is one of the system extensions. There is a security vulnerability in the System Extensions component of Apple macOS Catalina versions prior to 10.15.1

Trust: 1.8

sources: NVD: CVE-2019-8805 // JVNDB: JVNDB-2019-011304 // VULHUB: VHN-160240 // VULMON: CVE-2019-8805

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 11.0 earlier	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.15 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	13.2 earlier	Trust: 0.8
vendor:	apple	model:	ipados	scope:	lt	version:	13.2 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.10.2 for windows earlier	Trust: 0.8
vendor:	apple	model:	macos catalina	scope:	lt	version:	10.15.1 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	10.13.6 (security update 2019-006 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	eq	version:	10.14.6 (security update 2019-001 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	13.0.3 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	13.2 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	6.1 earlier	Trust: 0.8
vendor:	apple	model:	xcode	scope:	lt	version:	11.2 earlier	Trust: 0.8

sources: JVNDB: JVNDB-2019-011304 // NVD: CVE-2019-8805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8805
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201910-1747
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160240
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-8805
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-8805
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-160240
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8805
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-160240 // VULMON: CVE-2019-8805 // CNNVD: CNNVD-201910-1747 // NVD: CVE-2019-8805

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.1

sources: VULHUB: VHN-160240 // NVD: CVE-2019-8805

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1747

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1747

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011304

PATCH

title:	About the security content of iCloud for Windows 11.0	url:	https://support.apple.com/en-us/HT210727	Trust: 0.8
title:	About the security content of iCloud for Windows 7.15	url:	https://support.apple.com/en-us/HT210728	Trust: 0.8
title:	About the security content of iOS 13.2 and iPadOS 13.2	url:	https://support.apple.com/en-us/HT210721	Trust: 0.8
title:	About the security content of Xcode 11.2	url:	https://support.apple.com/en-us/HT210729	Trust: 0.8
title:	About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006	url:	https://support.apple.com/en-us/HT210722	Trust: 0.8
title:	About the security content of tvOS 13.2	url:	https://support.apple.com/en-us/HT210723	Trust: 0.8
title:	About the security content of watchOS 6.1	url:	https://support.apple.com/en-us/HT210724	Trust: 0.8
title:	About the security content of Safari 13.0.3	url:	https://support.apple.com/en-us/HT210725	Trust: 0.8
title:	About the security content of iTunes 12.10.2 for Windows	url:	https://support.apple.com/en-us/HT210726	Trust: 0.8
title:	Mac に搭載されている macOS を調べる	url:	https://support.apple.com/ja-jp/HT201260	Trust: 0.8
title:	Apple macOS Catalina System Extensions Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101493	Trust: 0.6
title:	Apple: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25cf0d869bfd0e91074f5ca5a31d8ef0	Trust: 0.1
title:	OSMR-CheatSheet	url:	https://github.com/V0lk3n/OSMR-CheatSheet	Trust: 0.1

sources: VULMON: CVE-2019-8805 // JVNDB: JVNDB-2019-011304 // CNNVD: CNNVD-201910-1747

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8805	Trust: 2.6
db:	JVN	id:	JVNVU96749516	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-011304	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-1747	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4010	Trust: 0.6
db:	CNVD	id:	CNVD-2020-03283	Trust: 0.1
db:	VULHUB	id:	VHN-160240	Trust: 0.1
db:	VULMON	id:	CVE-2019-8805	Trust: 0.1

sources: VULHUB: VHN-160240 // VULMON: CVE-2019-8805 // JVNDB: JVNDB-2019-011304 // CNNVD: CNNVD-201910-1747 // NVD: CVE-2019-8805

REFERENCES

url:	https://support.apple.com/ht210722	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8805	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8788	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8803	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8815	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8766	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8735	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8789	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8804	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8816	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8775	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8793	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8805	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8710	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8819	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8782	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8794	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8807	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8743	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8820	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8783	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8795	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8811	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8747	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8821	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8784	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8797	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8812	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8750	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8822	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8785	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8798	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8813	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8764	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8823	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8786	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8802	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8814	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8765	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8787	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96749516/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8812	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8750	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8822	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8785	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8797	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8813	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8764	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8823	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8786	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8798	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8814	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8765	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8787	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8802	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8815	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8766	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8788	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8803	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8804	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8816	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8775	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8789	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8710	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8819	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8782	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8793	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8807	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8743	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8820	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8783	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8794	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8811	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8747	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8821	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8784	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8735	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8795	Trust: 0.8
url:	https://support.apple.com/en-au/ht201222	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-30747	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4010/	Trust: 0.6
url:	https://support.apple.com/en-us/ht210722	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht210722	Trust: 0.1

sources: VULHUB: VHN-160240 // VULMON: CVE-2019-8805 // JVNDB: JVNDB-2019-011304 // CNNVD: CNNVD-201910-1747 // NVD: CVE-2019-8805

CREDITS

Scott Knight (@sdotknight) of VMware Carbon Black TAU

Trust: 0.6

sources: CNNVD: CNNVD-201910-1747

SOURCES

db:	VULHUB	id:	VHN-160240
db:	VULMON	id:	CVE-2019-8805
db:	JVNDB	id:	JVNDB-2019-011304
db:	CNNVD	id:	CNNVD-201910-1747
db:	NVD	id:	CVE-2019-8805

LAST UPDATE DATE

2024-08-14T12:22:57.536000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160240	date:	2019-12-23T00:00:00
db:	VULMON	id:	CVE-2019-8805	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-011304	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201910-1747	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2019-8805	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160240	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-8805	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-011304	date:	2019-11-01T00:00:00
db:	CNNVD	id:	CNNVD-201910-1747	date:	2019-10-30T00:00:00
db:	NVD	id:	CVE-2019-8805	date:	2019-12-18T18:15:43.083